diff options
Diffstat (limited to 'modules/user/user.module')
| -rw-r--r-- | modules/user/user.module | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/modules/user/user.module b/modules/user/user.module index 3ceb4cf7a..0f3318cde 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -2092,8 +2092,7 @@ function user_cancel_url($account) { } function user_pass_rehash($password, $timestamp, $login) { - // A single md5() is vulnerable to length-extension attacks, so use it twice. - return md5(drupal_get_hash_salt() . md5($timestamp . $password . $login)); + return drupal_hmac_base64($timestamp . $login, drupal_get_hash_salt() . $password); } /** |